Summary There are multiple vulnerabilities in containerd used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2022-31030 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228282 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) ** CVEID: CVE-2022-23471 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to exhaust memory on the host, and results in a denial of service condition. CVSS Base score: 5.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241615 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— Decision Optimization for Cloud Pak for Data| All Remediation/Fixes Users are strongly encouraged to upgrade to IBM…Read More
Security Bulletin: Multiple vulnerabilities in containerd may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-31030, CVE-2022-23471)
